Am Fri, 28 Aug 2015 06:06:06 +0000
schrieb "Fischer, Johannes" <johannes.fischer@ipa.fraunhofer.de>:
> Hi again,
>
> I didn’t want to do a thread high jacking so here a second mail with
> a complete other question
>
> If I’have a structure like:
> User
>
> - Role
> Role
>
> - User
>
> - Permission
> Permission
>
> - Role
>
> Now I want to get the authorization for some permission, So I have
> the information which user and which Permission. Now I need to match
> the list. The way it already work: Get all Roles for a Permission
> Search in the user for the Role
> If found Authorization
> Else no
> Therefore I need at least two requests to the LDAP server
For this sort of tasks I use slapo-memberof(5) and a proper filter.
Something like (&(uid=$1)(memberOf=myGroup))
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E